Who’s Accessing Your Systems? The Keys to Strong User Identity Management
Cybersecurity starts with knowing who has access to your systems. Firewalls aren’t enough to keep intruders out. With one study showing 81 percent of breaches rely on stolen or weak passwords, strong identity management is critical to protecting your valuable data. Combining single sign-on with multi-factor authentication is one of the best ways to implement strong controls and achieve data security.
Keys to Strong Identity Management
Achieving strong identity management relies on the following:
- Use single sign-on. With a single set of identities, managing identities becomes easier and errors are less likely. A single identity means management can be centralized. Today’s technology lets you integrate on-premises and cloud identities, enabling you to manage users the same way no matter where they’re accessing data.
- Use multi-factor authentication. There’s no such thing as a strong password. People don’t create them, people don’t keep them safe, and password-breaking tools get better every year. You can’t protect systems with a single password. Instead, use multi-factor authentication in addition to passwords to add further layers of identity verification. Start by adding two-factor authentication to privileged user accounts.
- Eliminate shared, generic accounts. Don’t allow shared, generic admin accounts. If generic accounts are necessary, don’t simply accept default permissions; tailor the account privileges to the most restrictive level that still allows the account to perform its necessary tasks.
- Use role-based access controls. Don’t grant privileges to individuals based on what you think they need. Define roles based on job functions, grant privileges to the role, and assign roles to employees rather than assigning them specific read-write capabilities. Make sure the roles given to an employee don’t violate segregation-of-duties restrictions.
- Conduct a formal, annual review. Privileges shouldn’t be granted in perpetuity. You should review all users annually to make sure that they are granted only the permissions they need to perform their current job function. While privilege reviews are often conducted by an employee’s current superior, if the employee changed responsibilities during the year, privileges should also be reviewed by their previous manager. Any privileges no longer needed should be removed from the employee’s account. Any user or generic accounts that are no longer needed should be deleted entirely.
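
Most of the controls in the list above can be checked automatically against an export of accounts. The following is an added example, not code from the original article; the role names, the conflicting role pair, the `Account` fields and the sample accounts are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed policy for illustration.
DEFINED_ROLES = {"ap_clerk", "ap_approver", "sysadmin", "helpdesk"}
PRIVILEGED_ROLES = {"sysadmin"}                            # roles that must have MFA
SOD_CONFLICTS = [frozenset({"ap_clerk", "ap_approver"})]   # never held together

@dataclass
class Account:
    name: str
    roles: set
    mfa: bool
    shared: bool
    last_review: date
    direct_grants: set = field(default_factory=set)  # privileges given outside any role

def audit(accounts, today, max_age_days=365):
    """Return sorted (account, finding) pairs for the controls listed above."""
    findings = []
    for a in accounts:
        if a.shared:
            findings.append((a.name, "shared-account"))
        if a.roles & PRIVILEGED_ROLES and not a.mfa:
            findings.append((a.name, "privileged-without-mfa"))
        if a.direct_grants:
            findings.append((a.name, "direct-grant"))
        for r in sorted(a.roles - DEFINED_ROLES):
            findings.append((a.name, "undefined-role:" + r))
        for pair in SOD_CONFLICTS:
            if pair <= a.roles:
                findings.append((a.name, "sod-conflict:" + "+".join(sorted(pair))))
        if (today - a.last_review).days > max_age_days:
            findings.append((a.name, "review-overdue"))
    return sorted(findings)

# Constructed sample accounts.
SAMPLE = [
    Account("alice", {"ap_clerk", "ap_approver"}, True, False, date(2024, 3, 1)),
    Account("bob", {"sysadmin"}, False, False, date(2024, 1, 15)),
    Account("admin", {"sysadmin"}, True, True, date(2022, 6, 1)),
    Account("carol", {"helpdesk"}, True, False, date(2024, 2, 1), {"server:admin"}),
    Account("dave", {"helpdesk"}, True, False, date(2024, 4, 1)),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, date(2024, 6, 1)):
        print(f"{name}: {finding}")
```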
Complete Information Security Solutions in Chicago and Schaumburg
Prescient Solutions IT consulting and managed services support Chicago and Schaumburg enterprises in developing comprehensive information security solutions. Our expert team installs and configures firewalls, data loss prevention, and antivirus software. Onsite and virtual help desk services provide support for the administrative tasks of onboarding and managing user accounts. Contact us to learn how services from Prescient Solutions can simplify your identity management and other information security processes.